Senior Engineer, Product Security Testing - News Corp Job in News Corp

Job Description : What You ll Do We are seeking a skilled and experienced Vulnerability Assessment and Penetration Testing (VAPT) Specialist to join our dynamic team. In this role, you will be responsible for conducting comprehensive VAPT activities for both web and mobile applications. Additionally, you will play a key role in Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Threat Modelling processes. Your expertise will contribute to the security enhancement of our digital assets, ensuring the utmost protection of sensitive information. Collaboration with internal team members, external partners, and relevant stakeholders within the News Corp community will be essential to achieve success in this role. Responsibilities Conduct thorough Vulnerability Assessment and Penetration Testing (VAPT) for web and mobile applications to identify potential security weaknesses, vulnerabilities, and risks. Perform Static Application Security Testing (SAST) to analyse application source code and uncover security issues at an early stage of development. Implement Software Composition Analysis (SCA) techniques to identify and manage third- party components and libraries, assessing their security posture. Collaborate with cross-functional teams to integrate security practices into the software development lifecycle, ensuring secure coding standards and practices are followed. Lead Threat Modelling exercises to proactively identify and evaluate potential security threats and risks, providing recommendations for mitigation strategies. Work closely with team members, partners, and relevant businesses within the News Corp community to understand their security requirements and address their concerns. Develop and maintain comprehensive documentation related to VAPT, SAST, SCA, and Threat Modelling processes, findings, and recommendations. Stay up-to-date with the latest security trends, vulnerabilities, and industry best practices to continually improve the effectiveness of security measures. Experience with common information security management frameworks like NIST CSF, NIST SP 800, OWASP. Extensive experience with web and mobile application security tools like code scanners (Checkmarx, Fortify, Snyk, Nexus) and dynamic analysis tools (Burp Suite, HCL Appscan, OWASP ZAP, etc.). Review application code for security vulnerabilities and practices dangerous to security and privacy. Identify areas for automation and tooling to increase code coverage. Manage integration with manual and automated tools for static and dynamic testing. Write reports including recommendations, root cause analysis, security summary analysis, and project roadmaps. Establish metrics and reporting to track coverage and effectiveness of security processes. Provide guidance and mentorship to junior team members, fostering skill development and knowledge sharing. Lead analysis of the current environment to detect critical deficiencies and recommend solutions for improvement Required Experience & Qualifications Minimum 4-6 years of experience in Application Security performing DAST, SAST, Penetration Testing, SCA and Threat Modelling 1-2 years of software development with at least 1 year in developing secure systems. Experience in one or more of the following modern languages/frameworks - Python, Java, Ruby, node.js, JavaScript, PHP. Basic understanding of DevOps principles and building code pipelines. A passion for application security and working knowledge of web application and Mobile application vulnerabilities and mitigations. Known for being a great communicator and collaborator with excellent written and verbal communication skills. Provide recommendations to improve the effectiveness of the scanning tool to reduce future false positives Conducting communications to the respective audiences at the proper frequency Managing root cause analysis and lessons learned to accommodate growth in maturity and improve overall technical hygiene Prioritise responses to accommodate scale and business needs Desired Qualifications Professional certifications such as CPENT, CEH, OSCP, or related certifications are a plus. Proficiency in programming languages commonly used in web and mobile application development. Excellent verbal, written, and interpersonal communication skills Experience working in a large enterprise environment Strong analytical skills with high attention to detail and accuracy Able to work effectively, as well as independently, in a team environment Strong organisational, multi-tasking, and prioritising skills Able to meet time-sensitive deadlines required Able to work collaboratively and build consensus is essential Able to make sound decisions and exercise good judgement Able to work and achieve goals without constant supervision Able to handle confidential material in a professional manner Preferred Skills & Knowledge Advanced knowledge and experience in VAPT, Threat Modelling, Red Teaming activities. Location: Bangalore Working Arrangement: Hybrid - a minimum of three days in office per week Equal Opportunity Employer All qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, national origin, protected veteran status, or disability status. EEO/AA/M/F/Disabled/Vets This job is posted with NTS Technology Services Pvt. Ltd.